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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

" Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 
• Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 

Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment See 37 CFR 1 .704(b). 

Status 

1 )^ Responsive to communication(s) filed on 12 May 2005 . 

2a)^ This action is FINAL, 2b)n This action is non-final. 

3) 0 Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) K Claim(s) 1-11 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) ^ Claim(s) 1-11 is/are rejected. 
?)□ Claim(s) Is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) S The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 12 May 2005 is/are: a)l3 accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 !)□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 



3.n Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1. Applicant's arguments filed May 12, 2005, have been fully considered but they 
are not persuasive. 

Response to Amendment 

2. The examiner withdraws the objection to the drawings. 

3. The examiner withdraws the objection to the terms "PPTP". "CMOS", and TIN". 

4. The examiner withdraws the objection to claim 6. 

5. Regarding claim 1 , Exarniner directs Applicant's attention to column 4, lines 18- 
27 of DeTreville, where it clearly states that the system provides a user with access to 
network resources, thus configuring the device to different networks. Applicant's clarifies 
in page 10, lines 15-21 of the amendment, that a laptop can be connected to various 
networks. It is claimed that a network peripheral device is configured to different 
networks, not that the device may access different networks, configured does not imply 
or suggest accessing different networks. 

Specification 

6. The abstract of the disclosure is objected to because it exceeds 150 words in 
length. Correction is required. See MPEP § 608.01(b). 

Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 

The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 150 words. It is important that 
the abstract not exceed 150 words in length since the space provided for the abstract 
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on the computer tape used by the printer is limited. The form and legal phraseology 
often used in patent claims, such as "means" and "said," should be avoided. The 
abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, "The 
disclosure concerns," "The disclosure defined by this invention," "The disclosure 
describes," etc. 
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Claim Rejections - 35 USC § 103 

7. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

8. Claims 1-4, 6-9 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over DeTreville (US Patent Number: 6,609,199) and further In view of Schneier et 
al. (US Patent Number: 5,768,382) and Fielder et al. (US Patent Number: 
6,105,133). 

Regarding claim 1 , DeTreville teaches a security mechanism for enabling a user 
to commence a session between a network peripheral device and a network (column 4, 
lines 18-22), comprising: an immutable memory element that contains first information 
including application software that initiates and provides security services (column 4, 
lines 35-40); a persistent memory element that contains second information to enable 
the security mechanism to configure the network peripheral device to different networks 
(column 5, lines 15-20); a volatile memory element that contains third information, 
including the critical data for authentication, said third information erased from the 
volatile memory at the completion of each connection session (column 5, lines 18-24). 
However, DeTreville does not disclose expressly a tamper-evident enclosure for 
enclosing the memory elements. Schneier et al. teach a tamper-evident enclosure for 
enclosing the memory elements (column 8, lines 15-27). Fielder et al. teach a volatile 
memory element that contains third information, including the critical data for 
authentication, said third information erased from the volatile memory at the completion 
of each connection session (column 4, lines 59-67, column 5, lines 1-4). DeTreville, 
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Schneier et al., and Fielder et al. are analogous art because they are directed to a 
similar problem solving area - authentication systems. At the time of the invention it 
would have been obvious to a person of ordinary skill in the art to: house memory 
components in a tamper evident enclosure to reveal any attempt to physically open the 
structure, and to store critical data for authentication on volatile memory to avoid 
misappropriation. Therefore, it would have been obvious to a person of ordinary skill in 
the art to combine the teachings of Schneier et al. and Fielder et al. with the method of 
DeTreville for the benefit of authentication systems to obtain the invention as specified 
in claim 1 . 

Regarding claim 2, DeTreville. Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, DeTreville teaches wherein 
the security services include authentication of the security mechanism itself (column 4, 
lines 35-38) and authentication of the user to the network upon receipt of identification 
information from the security mechanism and the user (column 23, lines 4-14), 
respectively. 

Regarding claim 3, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, DeTreville teaches wherein 
the immutable memory contains a private key for encrypting the user and security 
mechanism identification information (column 22, lines 15-25). 

Regarding claim 4, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, DeTreville teaches wherein 
the immutable memory comprises a Read-only Memory (ROM) (column 5, lines 16-18). 
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Regarding claim 6. DeTreville. Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, DeTreville teaches wherein 
the persistent memory comprises at least one of one of a Complementary Metal Oxide 
Semiconductor Random Access Memory (CMOSRAM) and a Programmable Read Only 
Memory (PROM) (column 5, lines 16-18). 

Regarding claim 7, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, Fielder et al. teach wherein 
the volatile memory comprises a random access memory (column 4, lines 59-67, 
column 5, lines 1-4). 

Regarding claim 8, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 1 above. Furthermore, Schneier et al. teach wherein 
the tamper evident enclosure readily exhibits any attempt to gain access there through 
to the memory elements enclosed therein (column 8, lines 15-27), ^ 

Regarding claim 9, DeTreville, Schneier et al., and Fielder etal. teach the 
limitations as set forth under claim 1 above. Furthermore, Schneier et al. teach wherein 
the physical security of the security mechanism depends on the degree of tamper 
resistance of the enclosure (column 8, lines 15-27). 

9. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
DeTreville, Schneier et al., and Fielder et al. as applied to claim 4 above, and 
further In view of Borza (US Patent Number: 6,721,891). 

Regarding claim 5, DeTreville, Schneier et al., and Fielder et al. teach the 
limitations as set forth under claim 4 above. However, DeTreville, Schneier et al., and 
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Fielder et al. do not disclose expressly wherein the immutable memory further includes 
a Write-once ROM. Borza teaches wherein the immutable memory further includes a 
Write-once ROM (column 11, lines 10-17). DeTreville, Schneier et al.. Fielder et al., and 
Borza are analogous art because they are directed to a similar problem solving area - 
authentication systems and data protection. At the time of the invention it would have 
been obvious to a person of ordinary skill in the art to use write-once read only memory 
to prevent software from being ovenvritten. Therefore, it would have been obvious to a 
person of ordinary skill in the art to combine the teachings of Borza with the method of 
DeTreville, Schneier et al., and Fielder et al. for the benefit of authentication systems 
and data protection to obtain the invention as specified in claim 5. 
10. Claims 10-11 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over DeTreville and further in view of Fielder et al. 

Regarding claim 10, DeTreville teaches a method for facilitating a secure 
connection session with a user between a network peripheral device and a network 
(column 4, lines 18-22), comprising the steps of: accessing an immutable memory 
element that contains first information that provides security sen/ices (column 4, lines 
35-40); accessing a persistent memory element that contains second information 
including configuration information to enable the security mechanism to configure the 
network peripheral device to the network (column 5, lines 15-20); accessing a volatile 
memory element that contains third information, including critical data for authentication 
(column 5, lines 18-24). However, DeTreville does not disclose expressly erasing said 
third information not later than the end of the connection session so no third information 
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remains in the volatile memory between sessions. Fielder et al. teach erasing said third 
information not later than the end of the connection session so no third information 
remains in the volatile memory between sessions (column 4, lines 59-67, column 5, 
lines 1-4). DeTreville and Fielder et al. are analogous art because they are directed to a 
similar problem solving area - authentication systems. At the time of the invention it 
would have been obvious to a person of ordinary skill in the art to store critical data for 
authentication on volatile memory to avoid misappropriation. Therefore, it would have 
been obvious to a person of ordinary skill in the art to combine the teachings of Fielder 
et al. with the method of DeTreville for the benefit of authentication systems to obtain 
the invention as specified in claim 10. 

Regarding claim 1 1 , DeTreville and Fielder et al. teach the limitations as set forth 
under claim 10 above. Furthermore, DeTreville teaches wherein the security services 
include authentication of the security mechanism itself (column 4, lines 35-38) and 
authentication of the user to the network upon receipt of identification information from 
the security mechanism and the user (column 23, lines 4-14), respectively. 
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Conclusion 

1 1 . THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

12. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David G. Cervetti whose telephone number is (571) 272- 
5861. The examiner can normally be reached on Monday-Friday 7:00 am - 5:00 pm. off 
on Wednesday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on (571) 272-3795. The fax phone number 
for the organization where this application or proceeding is as3igned is 703-872-9306. 
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Information regarding tlie status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status Information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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